<!DOCTYPE html>

<html xmlns:th="http://www.thymeleaf.org">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>

<!--Page 1-->
<!--/* Content-only page. th:replace swaps the host div for the document
       resolved from the doc: path below; this wrapper holds no form and no
       script. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc}"></div>
</div>

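<!--Page 2-->
<!--/* Assignment form: the single text field is posted as the "query"
       parameter to /SqlInjection/attack2. Nothing in this template validates
       or encodes the value; any checking is left to the server-side handler,
       which is not part of this file.
       The label is tied to the input through for/id so assistive technology
       announces it. The id carries the endpoint name because several pages in
       this template hold an identically shaped form and ids must be unique
       across the whole document. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <!--/* autocomplete="off" asks the browser not to store or suggest
               earlier submissions for this form. */-->
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack2}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack2-query">SQL query</label></td>
                    <td width="100%"><input class="form-control" id="sqli-attack2-query" name="query" value="" type="text" placeholder="SQL query"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Submit</button></td>
                </tr>
            </table>
        </form>
        <!--/* Both containers are empty in the template; presumably the lesson
               front end fills them with the server's response.
               NOTE(review): that response can echo the submitted SQL, so
               confirm it is inserted as text or escaped. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>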

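<!--Page 3-->
<!--/* Assignment form posting the free-text "query" parameter to
       /SqlInjection/attack3. The template itself performs no validation or
       encoding of the value; what the handler does with it is not visible
       here.
       The label is bound to its input with for/id (unique, endpoint-prefixed
       id) so the field has an accessible name beyond its placeholder. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack3}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack3-query">SQL query</label></td>
                    <td width="100%"><input class="form-control" id="sqli-attack3-query" name="query" value="" type="text" placeholder="SQL query"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Submit</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty placeholders in the template. NOTE(review): if they are
               filled with the server response, confirm the insertion escapes
               any echoed user input. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>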

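<!--Page 4-->
<!--/* Assignment form posting the free-text "query" parameter to
       /SqlInjection/attack4. No client-side constraint is placed on the
       value, so the handler receives it exactly as typed.
       for/id binds the visible label to the input; the id is prefixed with
       the endpoint name to stay unique among the sibling forms in this
       template. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack4}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack4-query">SQL query</label></td>
                    <td width="100%"><input class="form-control" id="sqli-attack4-query" name="query" value="" type="text" placeholder="SQL query"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Submit</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty placeholders in the template; see the front-end script for
               how feedback and output are written into them. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>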

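<!--Page 5-->
<!--/* Assignment form posting the free-text "query" parameter to
       /SqlInjection/attack5. As with the other query forms in this template,
       the markup adds no validation; the server-side handler is the only
       place the value can be checked.
       The label now references the input by id so the pairing is explicit to
       assistive technology. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack5}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack5-query">SQL query</label></td>
                    <td width="100%"><input class="form-control" id="sqli-attack5-query" name="query" value="" type="text" placeholder="SQL query"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Submit</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty placeholders in the template; see the front-end script for
               how feedback and output are written into them. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>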

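<!--Page 6-->
<!--/* Live preview: the Username field is mirrored into the quoted position
       of the sample SELECT string, so the reader can watch how typed
       characters land inside the query text. This block contains no form, so
       the value is not submitted from here.
       Fixes: the label pointed at a non-existent id ("username-preview") and
       the input used the unknown attribute "val" instead of "value". */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc}"></div>
    <div>
        <label for="preview-input">Username:</label>
        <input id="preview-input" type="text" name="username" value=""/>
        <div class="listingblock">
            <div class="content">
                <pre>"SELECT * FROM users WHERE name = '<span id="input-preview" style="font-weight: bold;"></span>'";</pre>
            </div>
        </div>
        <script>
            // Mirror the field into the preview span. "input" also fires on
            // paste, cut and drag-and-drop, which "keyup" alone misses; "keyup"
            // is kept so the earlier behaviour is a strict subset.
            $(document).ready( () => {
                $("#preview-input").on("input keyup", (e) => {
                    // .text() writes a text node, so quotes, angle brackets and
                    // any markup typed into the field are displayed literally.
                    // Do not replace it with .html(): that would parse the typed
                    // value as markup and turn this span into a DOM XSS sink.
                    $("#input-preview").text(e.target.value);
                });
            });
        </script>
    </div>
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc}"></div>
</div>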

<!--Page 7-->
<!--/* Content-only page: the wrapper pulls in one document through th:replace
       and carries no form, input or script. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc}"></div>
</div>

<!--Page 8-->
<!--/* Content-only page: the wrapper pulls in one document through th:replace
       and carries no form, input or script. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc}"></div>
</div>

<!--Page 9-->
<!--/* Query-builder form posted to /SqlInjection/assignment5a. The fixed text
       in the first and last cells shows the statement around three dropdowns
       named account, operator and injection.
       The option elements have no value attribute, so the visible text,
       including its deliberately unbalanced quotes, is the exact string that
       is submitted. Keep the option text byte-exact when editing this block.
       A select only limits what the browser UI offers: a request can carry
       any string in these three parameters, so the handler must not assume
       it received one of the listed options. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/assignment5a}">
            <!--/* The submit control below has a name, so on a native form
                   submission it contributes its own name=value pair next to
                   the three dropdown fields. */-->
            <table>
                <tr>
                    <td>SELECT * FROM user_data WHERE first_name = 'John' AND last_name = '</td>
                    <td><select name="account">
                        <option>Smith</option>
                        <option>'Smith</option>
                        <option>'</option>
                        <option>'Smith'</option>
                        <option>Smith'</option>
                    </select></td>
                    <td>
                        <select name="operator">
                            <option>or</option>
                            <option>and</option>
                            <option>and not</option>
                        </select>
                    </td>
                    <td>
                        <select name="injection">
                            <option>1 = 1</option>
                            <option>1 = 2</option>
                            <option>1' = '2</option>
                            <option>'1' = '1</option>
                            <option>'1' = '2</option>
                            <option>Last_Name = 'Smith</option>
                        </select>
                    </td>
                    <td>'</td>
                    <td><input
                            name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
                </tr>
            </table>
        </form>
        <!--/* Empty in the template. NOTE(review): if the server response is
               written here and echoes the assembled query, confirm it is
               escaped on insertion. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>

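<!--/* No Page N marker precedes this wrapper; it is the 10th
       lesson-page-wrapper in file order.
       Form posting login_count and userid to /SqlInjection/assignment5b.
       Both fields are plain text inputs, so the browser applies no numeric
       constraint to either. "required" is a browser-side check only: a
       request built outside this form can omit or blank the fields, so the
       handler has to cope with missing values itself.
       Changes: autocomplete="off" added to match the other text-entry forms
       in this template; the captions are now label elements bound by for/id;
       required="true" is written as required="required", the valid spelling
       of the boolean attribute that also stays well-formed XML. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/assignment5b}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-assignment5b-login-count">Login_Count:</label></td>
                    <td><input id="sqli-assignment5b-login-count" name="login_count" type="text" required="required"/></td>
                </tr>
                <tr>
                    <td><label for="sqli-assignment5b-userid">User_Id:</label></td>
                    <td><input id="sqli-assignment5b-userid" name="userid" type="text" required="required"/></td>
                </tr>
                <tr>
                    <td></td>
                    <td><input
                            name="Get Account Info" value="Get Account Info" type="submit"/></td>
                </tr>
            </table>
        </form>
        <!--/* Empty placeholders in the template; see the front-end script for
               how feedback and output are written into them. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>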

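<!--/* No Page N marker precedes this wrapper; it is the 11th
       lesson-page-wrapper in file order.
       Form posting "name" and "auth_tan" to /SqlInjection/attack8. Both are
       unconstrained text inputs; the template does not validate or encode
       either value before submission.
       The two labels are now bound to their inputs with for/id. The ids are
       prefixed with the endpoint name because a second form with the same
       field names exists elsewhere in this template. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack8}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack8-name">Employee Name:</label></td>
                    <td><input id="sqli-attack8-name" name="name" value="" type="text" placeholder="Lastname"/></td>
                </tr>
                <tr>
                    <td><label for="sqli-attack8-auth-tan">Authentication TAN:</label></td>
                    <td><input id="sqli-attack8-auth-tan" name="auth_tan" value="" type="text" placeholder="TAN"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Get department</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty in the template. NOTE(review): if query results are
               written into these containers, confirm stored and echoed
               values are escaped on insertion. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>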

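<!--Page 10-->
<!--/* By position this is the 12th lesson-page-wrapper in the file; the
       Page N markers do not count the two unlabelled wrappers before it.
       Form posting "name" and "auth_tan" to /SqlInjection/attack9. The field
       names match the form that targets /SqlInjection/attack8; only the
       endpoint differs. Neither input is constrained or encoded by the
       template.
       The labels are now bound to their inputs with for/id, using
       endpoint-prefixed ids so they stay unique within the document. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack9}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack9-name">Employee Name:</label></td>
                    <td><input id="sqli-attack9-name" name="name" value="" type="text" placeholder="Lastname"/></td>
                </tr>
                <tr>
                    <td><label for="sqli-attack9-auth-tan">Authentication TAN:</label></td>
                    <td><input id="sqli-attack9-auth-tan" name="auth_tan" value="" type="text" placeholder="TAN"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Get department</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty placeholders in the template; see the front-end script for
               how feedback and output are written into them. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>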

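<!--Page 11-->
<!--/* By position this is the 13th lesson-page-wrapper in the file; the
       Page N markers do not count the two unlabelled wrappers earlier on.
       Search form posting the free-text "action_string" parameter to
       /SqlInjection/attack10. The template places no limit on the value's
       length or character set.
       The label is now bound to the input with for/id so the field has an
       accessible name beyond its placeholder. */-->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc}"></div>

    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
              th:action="@{/SqlInjection/attack10}"
              autocomplete="off">
            <table>
                <tr>
                    <td><label for="sqli-attack10-action-string">Action contains:</label></td>
                    <td><input id="sqli-attack10-action-string" name="action_string" value="" type="text" placeholder="Enter search string"/></td>
                </tr>
                <tr>
                    <td><button type="submit">Search logs</button></td>
                </tr>
            </table>
        </form>
        <!--/* Empty in the template. NOTE(review): log entries returned by a
               search may themselves contain earlier user input, so confirm
               they are escaped when written into these containers. */-->
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>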

</html>
